1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 22:03:14 +02:00
Commit Graph

29 Commits

Author SHA1 Message Date
Bram Matthys b600dffdc8 - Added auth method 'sslclientcertfp' which provides an alternative
method to authenticate users with SSL client certificates based
  on SHA256 fingerprints. This can be used instead of the already
  existing 'sslclientcert' so you don't have to use an external file.
  One way to get the SHA256 fingerprint would be:
  openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint
  Suggested and patch supplied by Jobe (#4019).
- Added documentation on the new sslclientcertfp
- Moved documentation on authentication types to one place and refer
  to it from each section (oper::password, vhost::password,
  link::password-receive, etc).
2012-10-15 21:25:38 +02:00
Bram Matthys 9ed1e4fa02 - Throw up an error if a password in the configuration file is too long
(max 48 characters), reported by JasonTik, based on patch from
  WolfSage (#3223).
2011-12-25 16:58:18 +01:00
Bram Matthys b8026bbc50 - Fix return values in src/auth.c on Win32. 2010-12-08 10:13:14 +00:00
stskeeps 74349aa334 - #0003429 reported by Bock about appearing to accept multiple auth blocks. 2007-07-09 19:46:28 +00:00
Bram Matthys 8eb88be500 - Made unreal_copyfile try hardlinking first, if that fails.. it will try to copy
(perhaps this should be a different function?). Anyway, this means less diskspace
  is needed (~1.5mb or more), and it also makes it a bit easier for RBAC (#2300).
- Made a new function DoMD5() which is ssl/non-ssl independent. Also made the cloaking
  module and the auth functions use it. Hopefully I didn't break anything ;). Suggested
  by Bugz (#2298).
2005-02-04 00:26:37 +00:00
Bram Matthys 47c5c36bda - Added salted passwords. Salts are useful because it "protects" against stored-plaintext
attacks (eg: rainbow) and prevents cracking of several passwords at once.
  This change means /MKPASSWD will now just generate a different string than before.
  Do note however, that the old syntax/encrypted passwords will still work and _will continue
  to work_ in the future, for at least the whole 3.2* series.
  If you are concerned with security and have some time, then converting your passwords
  is probably a good idea... Just in case your configuration file gets stolen one day ;).
- MD5 password encryption is now always available on *NIX, even if SSL is disabled.
2004-09-19 16:13:03 +00:00
codemastr 99bd34fbb9 Added module support for Windows 2004-05-12 22:02:05 +00:00
Bram Matthys 7c4418113b - Changed random number generator to use arc4random-alike routines so we can get "secure"
random numbers. We will also no longer be using rand()/random() anywhere.
  Thanks to dek\ for pointing out this is potentionally dangerous, especially on
  win32 with NOSPOOF enabled.
2004-01-19 19:49:28 +00:00
Bram Matthys eb6b8f89bb - Fixed ripemd-160 vs ripemd160 confusion, reported by thelight (#0000949). 2003-05-06 03:48:17 +00:00
codemastr c02033f3ca Fixed a bug when leaving off a parameter for a password config entry 2003-01-15 16:40:15 +00:00
stskeeps cd83b8a845 - Fixed win32 compile error with default: ; 2002-11-22 21:04:40 +00:00
stskeeps e4bd382898 - /rehash for conf3 (that works) :) 2002-11-22 16:16:33 +00:00
stskeeps 282cc51768 - Changed auth method sslpubkey into sslclientcert, which means it will check the X509 certificate of the
user using X509_cmp. Also needing is some policy/conf setting to adjust if to reject invalid client certificates or whatever..
2002-09-27 16:08:03 +00:00
codemastr e1c7eead30 ... 2002-08-25 16:54:00 +00:00
codemastr cebae72da4 Fixed a win32 password encryption bug in NT service mode 2002-08-25 16:35:17 +00:00
codemastr fdfdbd993e Added MD5 and SHA1 encryption to the win32 version 2002-07-01 21:09:01 +00:00
codemastr e81ca7b87c Added support for RIPEMD-160 encryption of passwords 2002-07-01 16:32:15 +00:00
griever 6f8aca82f3 -Wunused 2002-02-16 20:15:41 +00:00
griever c7fbfa3e92 Yeah yeah, blah blah shit 2002-02-02 02:24:44 +00:00
stskeeps 6d239e28ec - -Wall cleanup cleanup with SSL AUTH problem 2002-01-27 22:40:11 +00:00
codemastr 6b8c83ba85 Cleaned up a bunch of -Wall warnings 2002-01-27 20:28:41 +00:00
stskeeps f387fbbd4f +- Auth_Make fix for crypt method 2001-12-22 16:59:08 +00:00
stskeeps abea394dc6 ---------------------------------------------------------------------- 2001-12-02 14:50:58 +00:00
stskeeps 528d82b219 +- Added ssl-pubkey auth method (parameter = pem file for public key) 2001-12-02 14:39:59 +00:00
stskeeps d7889e777e moo 2001-12-01 23:55:30 +00:00
griever 69647bba3b Argh, no newline notices getting annoying now 2001-11-29 04:51:23 +00:00
stskeeps 197378a364 . 2001-11-15 22:00:37 +00:00
stskeeps c980e53fad . 2001-11-15 21:48:44 +00:00
stskeeps e9123b12db +- Added new auth.c API and a lot of different crap .. will document later 2001-11-15 20:26:52 +00:00